Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps-rfc3709bis-08: (with COMMENT)
Russ Housley <housley@vigilsec.com> Fri, 09 December 2022 15:42 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75138C15C92E; Fri, 9 Dec 2022 07:42:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5dL9kHESVMq; Fri, 9 Dec 2022 07:42:03 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98B32C14CE27; Fri, 9 Dec 2022 07:42:03 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id A86FA160F3E; Fri, 9 Dec 2022 10:42:02 -0500 (EST)
Received: from [10.0.1.2] (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 7A3D717FD44; Fri, 9 Dec 2022 10:42:02 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <47A06D4A-4B66-4F08-9897-16B45309B0EF@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_81BC156C-42E9-46A9-A54D-8C33404E7950"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Fri, 09 Dec 2022 10:42:01 -0500
In-Reply-To: <CAGL5yWZOtn5vu3q6JMLS_g9Kqn=ooR5tJBSX2B6WWcGLo9H7bg@mail.gmail.com>
Cc: IESG <iesg@ietf.org>, "draft-ietf-lamps-rfc3709bis@ietf.org" <draft-ietf-lamps-rfc3709bis@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, LAMPS <spasm@ietf.org>
To: Paul Wouters <paul.wouters@aiven.io>, Tim Hollebeek <tim.hollebeek@digicert.com>
References: <166984691790.52064.521788415598966991@ietfa.amsl.com> <F26B48C9-53EA-47E2-BDED-0CE45558B498@vigilsec.com> <SJ0PR14MB54893B440C495D9AFC65CA0E831D9@SJ0PR14MB5489.namprd14.prod.outlook.com> <CAGL5yWZOtn5vu3q6JMLS_g9Kqn=ooR5tJBSX2B6WWcGLo9H7bg@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-Scanned-By: mailmunge 3.10 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MvSkADgL9sSKoD5g02fs1zuDZL4>
Subject: Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps-rfc3709bis-08: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2022 15:42:05 -0000
> On Dec 8, 2022, at 2:41 PM, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org> wrote: > > On Thu, Dec 8, 2022 at 10:22 AM Tim Hollebeek <tim.hollebeek@digicert.com <mailto:tim.hollebeek@digicert.com>> wrote: > > > > ### usage or install of cert? > > > ``` > > > Further, when logotype data is not cached, activity on the network > > > would reveal certificate usage frequency ``` > > > > > > Is the usage of logotypes to be expected every time the certificate is > > > used? Or only when the certificate is "human checked" for > > > installation? I would think when installing a VPN cert, that I would > > > see the logotype when installing the cert, but not every time I bring > > > up my VPN. So I think the "certificate usage frequency" is not necessarily > > leaked as this sentence claims. > > > > This is trying to provide an example of how caching can help with privacy, not > > anything more complex. Doe you see a better way to make that point? > > What is or is not revealed depends on exactly when and how revocation is > checked, which is use case and ecosystem dependent. It's impossible to > say in general what information, if any, is leaked. > > I would be very tempted to just change "would" to "might", as this is really > just a reminder to the reader to consider such considerations. > > Works for me. I have changed the word to "might" in my edit buffer. Russ
- [lamps] Paul Wouters' Yes on draft-ietf-lamps-rfc… Paul Wouters via Datatracker
- Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps… Russ Housley
- Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps… Tim Hollebeek
- Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps… Paul Wouters
- Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps… Paul Wouters
- Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps… Russ Housley